Keeping an eye on Communist, Totalitarian China, and its influence both globally, and we as Canadians. I have come to the opinion that we are rarely privy to truth regarding the real goal, the agenda of Red China, and it's implications for Canada [and North America as a whole]. No more can we rely on our media as more and more information on China is actively being swept under the carpet - not for consumption.
Sunday, March 12, 2017
experts warn: 'Superfish' disabled after security researchers raise concerns
'Superfish' disabled after security researchers raise concerns
Lenovo notebook computers shipped between October and December 2014 came pre-installed with a program called Visual Discovery/Superfish that has caused alarm among computer security experts. (Kim Kyung-Hoon/Reuters)
Bought a Lenovo computer recently? It may have come with a surprise inside that makes you vulnerable to being attacked by cybercriminals, security researchers say.
Lenovo notebook computers shipped last fall came pre-installed with a program called Visual Discovery/Superfish that has caused alarm among computer security experts.
China-based Lenovo said the software was installed on consumer notebook products shipped between October and December "to help customers potentially discover interesting products while shopping." It did that by analyzing images called up by users while surfing the internet and presenting similar products, the company said on its user forums.
System open to hackers, 'NSA-style spies'
"This is known to cause a lot of problems on websites," Graham wrote on his blog. More alarmingly, the software is designed to intercept all encrypted connections, the blog post said, including "things it shouldn't be able to see. It does this in a poor way that leaves the system open to hackers or NSA-style spies."
Security researcher Marc Rogers wrote on his personal blog that Superfish "uses a 'man-in-the-middle attack' to break secure connections on affected laptops in order to access sensitive data and inject advertising."
Because of the way it does this, he added, "users cannot trust any secure connections they make – to any site."
Rogers is principal security researcher at the security firm Cloudflare and head of security for the hacking conference Def Con.